Over the weekend there were a couple of articles that popped out at me, mainly because they concern an industry that we’ve been making strides to protect with our WedgeARP platform and our WedgeAMB product. This industry is, of course, the healthcare industry, and it is continuously under attack from hackers because of the amount of damage that they can cause to essential services and, consequently, the payday that they can extract from accessing private health records and holding critical systems hostage, especially in life-or-death situations.
The first article, from CBC, brings up the fact that healthcare providers across the country continue to get hit by ransomware. Despite having security in place, eHealth Saskatchewan, which manages the province’s personal medical records, appeared to have leaked files from its servers to suspicious IP addresses in various countries in Europe. This discovery was made during forensic analysis that resulted from a recent ransomware attack. Although it was initially thought that the attack began on January 5, 2020, it was found that the initial virus entered the organization’s health system as early as December 20, 2019. Employees did not discover any problem until they tried opening files on January 6th, 2020 and were asked for bitcoins in exchange for unlocking the files they needed to access. Although eHealth’s CEO, Jim Hornell, stated that the affected server mainly contained administrative files, such as emails, it’s not clear whether this server was in communication with other servers in the network. Despite backups being available, since the servers were breached and data was encrypted and leaked offsite, the organization can never be sure whether confidential information had been compromised, even after they got their systems up and running again. Scary stuff when organizations such as these can get back up and running from their backups but still manage to lose confidential information from the attack!
The second article, from Ars Technica, is a much more in-depth read and serves to bring home some very critical points. From CBC’s article, we see that healthcare organizations continue to get hit, but this article tries to understand why healthcare organizations continue to be so bad at securing themselves, despite being aware that their networks are valuable targets and despite dealing with life-or-death scenarios on a daily basis. In 2019, the industry continued to get hit with data breaches and ransomware attacks, at a cost to the tune of $4 billion. As a case in point on how bad things are getting, five US healthcare organizations reported getting hit by ransomware attacks in a single week in June of last year! Because of the potential payday for hackers, their attacks are becoming more severe and more sophisticated as well!
So, what’s the problem? The Ars Technica article brings up what we believe are several salient points:
1. The “Last Mile” awareness problem: Patients using implantable devices that are potentially prone to cyber-attacks, and even patients connected to devices at home or elsewhere, may not be aware of the importance of receiving updates and patches to fix potential vulnerabilities in order for their devices to continue functioning safely and effectively.
2. A late start and continued lack of oversight: Government organizations have only recently begun overseeing the issue of cybersecurity within the healthcare industry and are met with a lot of pushback from device manufacturers when it comes to regulating and addressing cybersecurity issues. Although many large healthcare organizations are recognizing the risk and are investing resources into prevention, for the vast majority of organizations, because of a lack of, or continued reduction in, funding, the priority for cybersecurity gets pushed way down on the list.
3. Hospitals are notoriously bad at patching: With patching of medical devices taking time and resources, and with no regulatory requirements for healthcare organizations to do so, it is not surprising that this fairly effective cybersecurity activity is not taking place regularly. With no standardized protocols for patching and with so many different devices running both new and old operating systems, it becomes unwieldy to put together a regular patching protocol.
4. There is a lack of research on the effects of cyber attacks on these organizations: Not enough studies have been undertaken to provide concrete evidence of delays in emergency care and mortality rates that have directly resulted from cybersecurity incidents. The evidence may very well be enlightening on just how lives could be affected by ransomware and other malware attacks on the healthcare industry, and could spur regulators to expedite cybersecurity requirements.
5. Understanding “risk”: Doctors do not understand cybersecurity risks, or they view them through a different lens as a result of their medical training. That being so, their idea of risk doesn’t equate to how the cybersecurity industry understands risk. Doctors consider the percentage of people who might get infected and how to mitigate that, as opposed to looking at the exploitability of the infections and how they could be evolved for more nefarious purposes.
6. Lack of staffing: Even if the other salient points were taken care of, there remains a fundamental issue affecting healthcare security: these organizations work with a limited number of personnel and limited resources, and unfortunately, the first area that is cut or reduced is usually IT.
Thus, we see that there are a variety of reasons why healthcare, while continuously under siege by cyber threats, continues to hobble along. Many of the issues are inherent to the underlying mentality and understanding surrounding cyber threats and the effects of attacks, while some come down to resources and the lack thereof.
What we here at Wedge are trying to do, with our WedgeARP platform and WedgeAMB product, is to show that there is a solution that can help to alleviate at least some of the issues listed above. With more visibility into healthcare networks, and with tools such as AI and machine learning that can detect and block malware such as ransomware in real time, issues such as the “Last Mile” awareness and patching become non-issues.
From a reduced resource perspective, being able to PREVENT attacks from happening is a much more cost-effective way of dealing with cyber security than trying to remediate effects after the fact. Healthcare organizations that are struggling to find resources to defend against and mitigate cyber attacks should consider that PREVENTATIVE solutions such as WedgeAMB can provide much greater ROI than a Detect and Remediate approach. This can often alleviate lack of staffing issues, especially when WedgeAMB, with its single pane of glass management console, greatly reduces the need for staffing by minimizing and consolidating alerts and reports so that they can be much more easily managed than other solutions on the market.
Finally, with built-in reports and wider visibility into what is going on within the network, WedgeAMB provides many of the tools needed for the incoming government regulation and oversight that is no doubt in the works. By generating insights into where the network is vulnerable, healthcare industry security teams can better understand where they need to shore up defences and where they can make better decisions on resource outlays.
At Wedge, we are continually working on ways that we can help beleaguered and hard-hit industries like healthcare. To see how we can help your organization, feel free to drop us a line at: info@wedgenetworks.com. As always, we offer a FREE 90-day trial of our Wedge Advanced Malware Blocker (WedgeAMB) to any and all organizations in the healthcare industry. We are striving to be one of the network security companies that can actually spearhead some of the needed change within healthcare cybersecurity!